Shaw Renewables the bioenergy specialists

GDRP Policy


The EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 came into force on 25 May 2018, superseding the Data Protection Act 1998. It grants data subjects (those whom data is gathered from) a range of new rights, giving them more control over how their data is used. Organisations are subject to responsibilities and obligations, including the need to demonstrate compliance.


What are we doing to ensure compliance?

At the Shaw Business Group, we are committed to protecting and respecting the privacy of individuals and take our obligations under data protection legislation seriously. We already manage personal data in accordance with the standards for ISO 19001.

Our four business units process personal data – we understand the importance of good data practices and seek to continuously improve our systems. Some of the specific steps we take include:

  • Data Reviews – We regularly conduct reviews of all personal data we hold in order to responsibly manage where this data is held, why we hold it and for how long, improving our practises wherever we can.
  • Process Updates – We update our procedures to ensure we have the tools to maintain compliance with GDPR. This includes policies such as our data security and incident response plans. 


Jayne Shaw
Quality Manager
Shaw Business Group